GHSA-r4mw-gxf7-vxr9

Source

https://github.com/advisories/GHSA-r4mw-gxf7-vxr9

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r4mw-gxf7-vxr9/GHSA-r4mw-gxf7-vxr9.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-r4mw-gxf7-vxr9

Aliases

CVE-2020-0606

Published

2022-05-24T17:06:16Z

Modified

2023-11-08T04:01:54.701330Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Remote code execution in Microsoft.WindowsDesktop.App.Ref

Details

A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605.

Database specific

{
    "nvd_published_at": "2020-01-14T23:15:00Z",
    "github_reviewed_at": "2022-07-28T22:08:12Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-20"
    ]
}

References

Affected packages

NuGet / Microsoft.WindowsDesktop.App.Ref

Package

Name: Microsoft.WindowsDesktop.App.Ref; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.WindowsDesktop.App.Ref

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.1

Fixed

3.0.2

Affected versions

3.*

3.0.1

NuGet / Microsoft.WindowsDesktop.App.Ref

Package

Name: Microsoft.WindowsDesktop.App.Ref; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.WindowsDesktop.App.Ref

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.1.0

Fixed

3.1.1

Affected versions

3.*

3.1.0

NuGet / Microsoft.WindowsDesktop.App.Runtime.win-x86

Package

Name: Microsoft.WindowsDesktop.App.Runtime.win-x86; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.WindowsDesktop.App.Runtime.win-x86

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.0

Fixed

3.0.2

Affected versions

3.*

3.0.0

3.0.1

NuGet / Microsoft.WindowsDesktop.App.Runtime.win-x86

Package

Name: Microsoft.WindowsDesktop.App.Runtime.win-x86; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.WindowsDesktop.App.Runtime.win-x86

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.1.0

Fixed

3.1.11

Affected versions

3.*

3.1.0

3.1.1

3.1.2

3.1.3

3.1.4

3.1.5

3.1.6

3.1.7

3.1.8

3.1.9

3.1.10

NuGet / Microsoft.WindowsDesktop.App.Runtime.win-x64

Package

Name: Microsoft.WindowsDesktop.App.Runtime.win-x64; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.WindowsDesktop.App.Runtime.win-x64

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.0

Fixed

3.0.2

Affected versions

3.*

3.0.0

3.0.1

NuGet / Microsoft.WindowsDesktop.App.Runtime.win-x64

Package

Name: Microsoft.WindowsDesktop.App.Runtime.win-x64; View open source insights on deps.dev
Purl: pkg:nuget/Microsoft.WindowsDesktop.App.Runtime.win-x64

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.1.0

Fixed

3.1.11

Affected versions

3.*

3.1.0

3.1.1

3.1.2

3.1.3

3.1.4

3.1.5

3.1.6

3.1.7

3.1.8

3.1.9

3.1.10